Daniel Engberg [Sun, 2 Oct 2016 22:18:37 +0000 (17:18 -0500)]
tools/patchelf: Update to 0.9 and remove patch
Updates patchelf to 0.9
Patch removed, upstreamed.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
diizzyy [Sun, 2 Oct 2016 22:45:17 +0000 (00:45 +0200)]
tools/upx: Update to 3.91 and use new tarball url
Updates UPX to version 3.91 and also updates tarball url
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
diizzyy [Sun, 2 Oct 2016 22:27:48 +0000 (00:27 +0200)]
tools/ppl: Update to 1.2
Updates ppl to version 1.2
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
diizzyy [Sun, 2 Oct 2016 21:54:13 +0000 (23:54 +0200)]
tools/mpfr: Update to 3.1.5 and change to xz tarball
Updates mpfr to 3.1.5 and changes tarball format to xz
Signed-off-by: Daniel Engberg daniel.engberg.lists@pyret.net
diizzyy [Sun, 2 Oct 2016 21:03:15 +0000 (23:03 +0200)]
tools/expat: Update to 2.2.0
Updates expat to 2.2.0
Fixes several CVEs:
CVE-2016-0718
CVE-2016-4472
CVE-2016-5300
CVE-2012-6702
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
diizzyy [Sun, 2 Oct 2016 20:55:23 +0000 (22:55 +0200)]
tools/e2fsprogs: Update to 1.43.3
Update e2fsprogs to 1.43.3
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Daniel Engberg [Sun, 2 Oct 2016 20:44:06 +0000 (15:44 -0500)]
tools/ccache: Update ccache 3.3.2 and refresh patch
Update ccache 3.3.2 and refresh patch
Preserving the original patch comments here by Karl Vogel:
"From
90762a9b8d9a50b6176f10bd6c2e2b9501117561 Mon Sep 17 00:00:00 2001
From: Karl Vogel <karl.vogel@gmail.com>
Date: Tue, 14 Jul 2015 11:05:33 +0200
Subject: [PATCH] Include environment variable GCC_HONOUR_COPTS in hash.
The OpenWRT patch, 910-mbsd_multi.patch, to GCC adds an extra
compilation flag, -fhonour-copts, which is influenced by an
environment variable called GCC_HONOUR_COPTS.
Include this environment var in the hash calculation as otherwise
the gcc stdout warning from a previous compilation might be shown
where, even when GCC_HONOUR_COPTS is in 's'ilent mode.
Signed-off-by: Karl Vogel <karl.vogel@gmail.com>"
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Daniel Dickinson [Thu, 29 Sep 2016 08:19:08 +0000 (04:19 -0400)]
kernel/sound: Add support for PCI HD Audio devices
This patch set adds support for PCI Intel HD Audio
sound devices. This is useful for multimedia packages
in the packages feed that one may use to create audio
servers.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
Xuefu Lin [Fri, 30 Sep 2016 11:41:12 +0000 (19:41 +0800)]
ramips: Add support for Phicomm K2 PSG1218
- CPU: MT7620A 580MHz
- Flash: 8MB - RAM: 64MB
- External PA+LNA on both WLAN2.4 and WLAN5
- 4x LAN ethernet and 1x WAN ethernet
Signed-off-by: Xuefu Lin <xuefulin@gmail.com>
John Crispin [Fri, 30 Sep 2016 15:29:49 +0000 (17:29 +0200)]
mountd: update to latest git HEAD
adds a cmake fix
Signed-off-by: John Crispin <john@phrozen.org>
Jo-Philipp Wich [Tue, 4 Oct 2016 09:04:50 +0000 (11:04 +0200)]
include: add umask prereq check
When building LEDE with umask values other than 022, the resulting packages
will embed improper permissions, which may lead to random errors or non-
functional scripts on the target.
In order to make users aware of this problem, add a build-prereq check to
assert a correct umask setting before starting the build.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hauke Mehrtens [Mon, 3 Oct 2016 14:23:17 +0000 (16:23 +0200)]
valgrind: improve mips support
We have to remove the FPU check, it will run in an endless loop on LEDE
when compile without FPU emulation support.
The second patch fixes this problem: valgrind: mmap(0x400000, 303104)
failed in UME with error 22 (Invalid argument).
valgrind still does not support mips16, build LEDE without mips16 support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 3 Oct 2016 14:22:28 +0000 (16:22 +0200)]
valgrind: remove 110-add_a_out_h.patch
This patch is not needed any more, valgrind is not using a.out.h any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 2 Oct 2016 20:12:44 +0000 (22:12 +0200)]
ntiq: make i2c-lantiqi driver compile again
It missed some changes needed for kernel 4.4. This is only used by the
Falcon SoC and not for the xRX SoCs.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Sat, 1 Oct 2016 22:19:58 +0000 (00:19 +0200)]
bcm53xx: use the latest XHCI doorbell patch sent for upstream
The main difference is it supports DT binding. This allows us to use DT
for specifying controller and the new standalone USB 3.0 PHY driver.
Thanks to that we don't need out of tree patch adding PHY initialization
to the controller driver anymore.
Rafał Miłecki [Sat, 1 Oct 2016 17:16:40 +0000 (19:16 +0200)]
bcm53xx: drop unneeded fix for usb3-lpm-capable DT property
This problem has been fixed by upstream commit
757de492f2d ("xhci: fix
platform quirks overwrite regression in 4.7-rc1").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Sat, 1 Oct 2016 14:22:43 +0000 (16:22 +0200)]
bcm53xx: switch to standalone USB 2.0 PHY driver
This drops built-in support for USB 2.0 PHY and starts using separated
driver that was upstreamed & backported some time ago.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Sat, 1 Oct 2016 14:22:24 +0000 (16:22 +0200)]
bcm53xx: add patch specifying USB controllers in DT
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Fri, 30 Sep 2016 13:43:08 +0000 (15:43 +0200)]
bcm53xx: backport BCM5301X patches from 2019-09-30
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Matthias Schiffer [Fri, 30 Sep 2016 21:28:21 +0000 (23:28 +0200)]
netfilter: fix file conflicts between kmod-ipt- and kmod-nft- packages
The nf_reject_* and nf_nat_masquerade_* modules are moved into the
corresponding kmod-nf- packages. Appropriate dependencies are added to the
kmod-nft- packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Fri, 30 Sep 2016 20:40:06 +0000 (22:40 +0200)]
kernel: fix module dependency checking
Since the kernel makefile is using .ONESHELL, we need to add -e to
.SHELLFLAGS so errors are not ignored.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Álvaro Fernández Rojas [Fri, 30 Sep 2016 12:12:34 +0000 (14:12 +0200)]
kernel: update to v4.4.23
Refresh patches for all targets that support kernel 4.4.
compile/run-tested on brcm2708/bcm2710 only.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Stijn Segers [Fri, 30 Sep 2016 06:34:01 +0000 (08:34 +0200)]
kernel: update kernel 4.4 to version 4.4.22
Forgot to update kernel-version.mk, so updated patch. Compile-tested on x86/64 and ar71xx; run-tested on x86/64 and ar71xx.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
Felix Fietkau [Wed, 28 Sep 2016 07:49:31 +0000 (09:49 +0200)]
ath9k: remove patch causing stability issues with powersave devices (FS#176)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Kevin Darbyshire-Bryant [Fri, 30 Sep 2016 06:12:26 +0000 (07:12 +0100)]
iproute2: fix no fortify build failure
Fix rt_names build failure when FORTIFY_SOURCE disabled.
Include limits.h which otherwise gets automatically included
by fortify headers.
Solves FS #194
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
dissent1 [Mon, 26 Sep 2016 19:18:37 +0000 (15:18 -0400)]
ipq806x: update Netgear R7800 device tree
-add spi pins
-move mdio and rgmii pinctrl from gmac and mdio into pinmux node
-add i2c4 pinctrl into rpm node
-add pin details into several nodes
-update gmac1 and gmac2 parameters
-update mdio phy0 and phy4 registers by ddwrt devs findings
-fix i2c4 pin drive-strengh
-remove pcie pins as it's already present in ipq8065 DT
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Daniel Dickinson [Thu, 29 Sep 2016 08:14:17 +0000 (04:14 -0400)]
target/{sdk,imagebuild}: Fix for symlink-tree
With symlink tree some directories are just symlinked which
means IB and SDK end up with a symlink instead of an actual
directory; this fixes the missing files by dereferencesing
the directories instead of copying the symlinks.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
Álvaro Fernández Rojas [Fri, 16 Sep 2016 09:48:22 +0000 (11:48 +0200)]
brcmfmac43430-firmware: remove package and switch to linux-firmware
Now that the firmware for BCM43430 has been submitted to linux-firmware use it
and remove RPiDistro package.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Felix Fietkau [Thu, 29 Sep 2016 16:25:49 +0000 (18:25 +0200)]
kernel: do not enable the unpackaged rfkill-gpio driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 29 Sep 2016 16:07:13 +0000 (18:07 +0200)]
kernel: add missing config symbols
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Thu, 29 Sep 2016 10:16:51 +0000 (12:16 +0200)]
mvebu: add support for SFP
Add patches for SFP support and package it for ClearFog. Tested with a
Juniper SFP module.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Thu, 29 Sep 2016 10:19:28 +0000 (12:19 +0200)]
mvebu: disable MSI interrupts
MSI interrupts do not seem to be working on mvebu, and they break
ath10k. Since nothing else seems to be using them, especially not
mwlwifi, disable them until we can fix MSI interrupts.
Works around the following issue:
[ 9.001457] ath10k_pci 0000:02:00.0: failed to receive control response completion, polling..
[ 10.001453] ath10k_pci 0000:02:00.0: Service connect timeout
[ 10.007126] ath10k_pci 0000:02:00.0: failed to connect htt (-110)
[ 10.092224] ath10k_pci 0000:02:00.0: could not init core (-110)
[ 10.098177] ath10k_pci 0000:02:00.0: could not probe fw (-110)
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 29 Sep 2016 11:34:21 +0000 (13:34 +0200)]
kernel: add STAGING_DIR_HOST/lib to host library search path
Signed-off-by: Felix Fietkau <nbd@nbd.name>
John Crispin [Thu, 29 Sep 2016 09:38:52 +0000 (11:38 +0200)]
mac80211: fix rfkill dependency
Signed-off-by: John Crispin <john@phrozen.org>
Cezary Jackiewicz [Wed, 28 Sep 2016 17:08:38 +0000 (19:08 +0200)]
ramips: Xiaomi MiWiFi Nano: fix status led
- add status led for Xiaomi MiWiFi Nano
- revert https://github.com/lede-project/source/commit/
af1e70b4a730e91ce1668d506ebc5c1c8cf5abf5 , this should not be added.
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Felix Fietkau [Thu, 29 Sep 2016 09:23:27 +0000 (11:23 +0200)]
kernel: fix build error in sign-file.c with libressl
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Thu, 29 Sep 2016 09:13:03 +0000 (11:13 +0200)]
kernel: add missing config symbols
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Álvaro Fernández Rojas [Thu, 29 Sep 2016 07:48:09 +0000 (09:48 +0200)]
mac80211: use upstream patches for rtl8xxxu
Also improves rtl8188eu support.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Felix Fietkau [Wed, 28 Sep 2016 14:59:04 +0000 (16:59 +0200)]
kernel: add missing config symbols
Signed-off-by: Felix Fietkau <nbd@nbd.name>
John Crispin [Wed, 28 Sep 2016 10:06:57 +0000 (12:06 +0200)]
procd: update to latest git HEAD
this adds 2 new inittab handlers
* askconsolelate
* respawnlate
Signed-off-by: John Crispin <john@phrozen.org>
Felix Fietkau [Wed, 28 Sep 2016 07:56:26 +0000 (09:56 +0200)]
netifd: update to the latest version, adds various fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Florian Fainelli [Mon, 19 Sep 2016 19:59:32 +0000 (12:59 -0700)]
toolchain: Rework external toolchain libc selection
Make it a choice menu which offers the 3 C libraries we know about: glibc,
uClibc and musl. While at it, make it possible for the external toolchain libc
to select USE_GLIBC, USE_UCLIBC or USE_MUSL which is used by several packages
to conditionally include specific CFLAGS (e.g: iproute2).
Because USE_GLIBC et al. can now be selected by external toolchains, we need to
restrict the per-libc menus to check on !EXTERNAL_TOOLCHAIN.
While at it, make musl the default C library for external toolchain to match
the internal toolchain.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Stijn Segers [Sun, 18 Sep 2016 20:44:32 +0000 (22:44 +0200)]
ath10k-firmware: move to firmware section in buildroot
This patch moves the ath10k firmware packages to the firmware submenu
in the buildroot, where it belongs.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
Martin Blumenstingl [Sun, 18 Sep 2016 21:29:35 +0000 (23:29 +0200)]
ar71xx: Do not use a hardcoded ath10k firmware mac address
ar71xx has an init-script for special devices where the ath10k OTP
calibration data is stored on the PCIe card's EEPROM (and thus can only
be read by ath10k). Unfortunately the OTP data uses the default mac
address (= all devices come with the same mac address, which leads to
problems when you have multiple of these devices in the same network).
To work around this the mac address is patched in the firmware during
the first boot of the device. To prevent flash wear this was only done
if the ath10k firmware matched a hardcoded md5sum.
However, if the md5sum does not match this can mean that either the mac
address was already patched (which is fine) - unfortunately it can also
mean that the firmware version was updated without updating the
hardcoded md5sum.
Change the "was the mac address already patched" check to actually
compare the mac address inside the ath10k firmware.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Martin Blumenstingl [Sun, 18 Sep 2016 21:29:34 +0000 (23:29 +0200)]
ath10k-firmware: update the qca988x firmware to 10.2.4.70.54
Use firmware version 10.2.4.70.54 from kvalo's git repository. The old
version (even though it's version number is greater) is an old version
from September 2015.
Using only the firmware versions from kvalo's git repo is recommended,
because those are tested by QCA's internal QCA.
The QCA988X directory received a small reorganization as a "hw2.0"
subdirectory was added - this patch also takes care of that as
board.bin was moved to that subdirectory.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Florian Fainelli [Thu, 22 Sep 2016 00:32:10 +0000 (17:32 -0700)]
toolchain: Force installation into /lib
For 64-bit capable systems, a symbolic link is set up for /lib64 to point to
/lib, so make sure the installation goes into /lib, irrespective of where the C
library files come from in an external toolchain.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Felix Fietkau [Wed, 28 Sep 2016 06:29:50 +0000 (08:29 +0200)]
kernel: add missing config symbol after rfkill change
Signed-off-by: Felix Fietkau <nbd@nbd.name>
John Crispin [Tue, 27 Sep 2016 17:06:07 +0000 (19:06 +0200)]
rfkill: add fake rfkill support
allow building of modules depending on RFKILL even if RFKILL is not enabled.
Signed-off-by: John Crispin <john@phrozen.org>
Matthias Schiffer [Wed, 28 Sep 2016 04:14:09 +0000 (06:14 +0200)]
perf: fix build with musl on PowerPC
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Wed, 28 Sep 2016 00:36:56 +0000 (02:36 +0200)]
kernel: remove echainiv.ko from kmod-crypto-iv
There is a separate package kmod-crypto-echainiv for echainiv.ko. Selecting
both packages led to a conflict, so remove the file from kmod-crypto-iv.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Rafał Miłecki [Tue, 27 Sep 2016 16:18:54 +0000 (18:18 +0200)]
mac80211: backport brcmfmac changes from 2016-09-27
This fixes bug that could cause WARNING on every add_key/del_key call.
It also replaces WARNING with a simple message. They may still occur
e.g. on station going out of range and A-MPDU stall in the firmware.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Chris Blake [Tue, 20 Sep 2016 12:14:29 +0000 (07:14 -0500)]
ar71xx: add support for Cisco Meraki Z1 Cloud Managed Teleworker Gateway
This patch adds support for Cisco's Z1.
Detailed instructions for the flashing the device can
be found in the OpenWrt wiki:
<https://wiki.openwrt.org/toh/meraki/z1>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Magnus Kroken [Mon, 26 Sep 2016 15:21:52 +0000 (17:21 +0200)]
openssl: update to 1.0.2j
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch
Security advisory: https://www.openssl.org/news/secadv/
20160926.txt
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
BangLang Huang [Tue, 27 Sep 2016 06:25:04 +0000 (14:25 +0800)]
ramips : add support for Newifi D1
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
BangLang Huang [Tue, 27 Sep 2016 06:23:27 +0000 (14:23 +0800)]
ramips : add support for PandoraBox D1
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
Kevin Darbyshire-Bryant [Sun, 25 Sep 2016 03:22:38 +0000 (04:22 +0100)]
fortify-headers: update to 0.8
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
diizzyy [Fri, 23 Sep 2016 11:41:41 +0000 (13:41 +0200)]
linux-firmware: Add mirrors
Adds Google's mirrors as primary source and kernel.org as fallback.
Discussed in #lede-dev on Freenode
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Rosen Penev [Mon, 26 Sep 2016 20:00:04 +0000 (13:00 -0700)]
openssl: Make DTLS configurable.
Signed-off by: Rosen Penev <rosenp@gmail.com>
Rosen Penev [Mon, 26 Sep 2016 19:56:14 +0000 (12:56 -0700)]
openssl: Remove J-PAKE. Nothing uses it.
Signed-off by: Rosen Penev <rosenp@gmail.com>
Kevin Darbyshire-Bryant [Wed, 21 Sep 2016 19:02:01 +0000 (20:02 +0100)]
busybox: v1.25.0 upstream patches
Include upstream patches for gzip, ip & ntpd.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Daniel Engberg [Fri, 23 Sep 2016 22:39:47 +0000 (17:39 -0500)]
libjson-c: Update to 0.12.1
Updates libjson-c and removes backport patch.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
diizzyy [Fri, 23 Sep 2016 16:15:38 +0000 (18:15 +0200)]
libunwind: use url alias
Use alias instead of hardcoded URL
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Adrian Panella [Sun, 25 Sep 2016 04:11:51 +0000 (23:11 -0500)]
uml: set inittab for working console
Signed-off-by: Adrian Panella <ianchi74@outlook.com>
Cezary Jackiewicz [Sun, 25 Sep 2016 19:09:31 +0000 (21:09 +0200)]
ramips: Add support for ZBT-CPE102
- CPU: MT7620N 580MHz
- Flash: 8MB
- RAM: 64MB
- build-in minipcie slot for modem 3G/4G
- one ethernet port 10/100Mbps
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Jo-Philipp Wich [Wed, 21 Sep 2016 19:08:29 +0000 (21:08 +0200)]
iwinfo: fix WPA cipher reporting
Within the Lua binding, use the same logic as the command line interface for
reporting the used WPA ciphers. Instead of printing the intersection of
pairwise and group ciphers, report both group and pairwise ciphers.
This fixes a case where a connection which uses CCMP for pairwise and TKIP
as groupwise cipher is getting reported as using the NONE cipher.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Mon, 26 Sep 2016 16:00:37 +0000 (18:00 +0200)]
iproute: properly support high routing table IDs
The Linux kernel uses two distinct fields to denote the routing table ID in
use by network routes; the 8 bit `rtm_table` member of `struct rtmsg` and the
32 bit `RTA_TABLE` netlink attribute.
If a routing table ID is larger than 255, the `RT_TABLE` attribute must be used
and the `rtm_table` field has to be set to the special `RT_TABLE_UNSPEC` value.
This commit adds a patch which...
- switches the *_n2a() and *_a2n() functions of rt_names.c to use dynamically
sized, name-sorted arrays instead of fixed arrays limited to 1024 slots in
order to support IDs up to 65535
- adds proper handling of high table IDs to iprule.c and iproute.c when
adding, removing and dumping ip rules and network routes
After this change, the Busybox ip applet fully supports IP rules with high ID
numbers, using the same logic as the full iproute2.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 27 Sep 2016 14:20:57 +0000 (16:20 +0200)]
6in4: fix invalid local variable declaration (FS#188)
Remove an invalid local variable declaration in the tunnel update subshell
invocation. Local declarations outside of function scopes are illegal since
the Busybox update to version 1.25.0 .
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rafał Miłecki [Tue, 27 Sep 2016 04:58:01 +0000 (06:58 +0200)]
mac80211: backport brcmfmac changes from 2016-09-26
All these patches are in wireless-drirvers-next. There is support for
hidden SSID, few new devices and many fixes.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Matthias Schiffer [Mon, 26 Sep 2016 13:25:38 +0000 (15:25 +0200)]
rootfs: fail on errors in postinst scripts
The Gluon firmware framework [1] uses postinst scripts for sanity checks.
Make the build fail when a postinst script exits with an error to make
these sanity checks effective.
All postinst scripts in packages from the LEDE core and the packages feed
seem to work correctly with this change and will always return 0 unless
something is very broken.
[1] https://github.com/freifunk-gluon/gluon
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Mon, 26 Sep 2016 13:25:38 +0000 (15:25 +0200)]
rootfs: remove unnecessary and potentially harmful force flags from opkg call
Especially --force-overwrite and --force-depends will often lead to broken
images; it's better to fail the build in such cases than to silently ignore
the errors.
Instead, ignore errors in the per-device rootfs opkg remove command, so
the build doesn't break when packages can't be removed because of
dependencies.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Mon, 26 Sep 2016 13:25:38 +0000 (15:25 +0200)]
image: per-device rootfs: first remove, then install packages
Some DEVICE_PACKAGES definitions replace one package variant with another
(e.g. wpad-mini is replaced with wpad). To avoid file conflicts, first
remove, then install packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Mon, 26 Sep 2016 13:25:37 +0000 (15:25 +0200)]
base-files: make default_prerm work offline
IPKG_INSTROOT must be respected for offline removal (used for per-device
rootfs).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Mon, 26 Sep 2016 15:50:35 +0000 (17:50 +0200)]
ramips: fix DEVICE_PACKAGES of Ubiquiti EdgeRouter X
kmod-rt2x00-lib and kmod-mac80211 need to be removed, as they depend on
kmod-cfg80211. kmod-rt2800-pci should not be installed anyways.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Mon, 26 Sep 2016 13:25:37 +0000 (15:25 +0200)]
ar71xx: clean up DEVICE_PACKAGES of legacy devices
Remove arbitrary or redundant packages from DEVICE_PACKAGES.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Mon, 26 Sep 2016 13:25:37 +0000 (15:25 +0200)]
image: don't modify file permissions before rootfs generation
Modifying the file permissions can be harmful, as it would make files
world-readable even if they weren't in the ipk packages. The
Image/mkfs/prepare step is removed completely, as it is redundant now (/tmp
and /overlay are already provided by base-files with the correct
permissions).
It has been verified that this change does not affect any permissions of
files in the default package set except /etc/ppp/chap-secrets, which was
world-readable before. All packages not in the default set are more likely
to be installed via opkg than being part of a base image and thus were
usually not affected by the permission modification anyways.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Mon, 26 Sep 2016 13:25:37 +0000 (15:25 +0200)]
base-files: fix check for empty password warning
Now that we know that the password is in /etc/shadow and not in
/etc/passwd, we can properly fix the logic for the empty password check.
Only 'root::' is an empty password, 'root:x:' and 'root:!:' allow no
password login at all.
This fixes the empty password warning still showing after the root password
has been locked using 'passwd -l root' (e.g. to allow public-key auth
only).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Mon, 26 Sep 2016 13:25:37 +0000 (15:25 +0200)]
config: enable shadow passwords unconditionally
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.
The config symbol is kept (for a while), as packages from feeds depend on
it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Felix Fietkau [Mon, 26 Sep 2016 14:10:39 +0000 (16:10 +0200)]
mac80211: fix crash in mac80211_hwsim
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Mon, 26 Sep 2016 11:25:44 +0000 (13:25 +0200)]
mvebu: add switch config for clearfog pro
Check for switch0 existance and add default switch config if found.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Jonas Gorski [Mon, 26 Sep 2016 10:02:40 +0000 (12:02 +0200)]
mvebu: add sysupgrade support for clearfog
Add and enable sysupgrade support for clearfog boards, based on how the
brcm2708 target does it.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Sun, 25 Sep 2016 11:34:10 +0000 (13:34 +0200)]
mvebu: add switch node to clearfog
Add a switch node to clearfog to probe and initialize it on Clearfog
Pro. This make the switch work and allows using all six switch ports.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Sat, 24 Sep 2016 19:00:14 +0000 (21:00 +0200)]
mvsw61xx: enable SerDes on 6176 if required
If the cpu port is connected through SGMII we need to enable SerDes for
it to work.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Sat, 24 Sep 2016 10:36:34 +0000 (12:36 +0200)]
mvsw61xx: reset phys on probe to enable switch ports on clearfog pro
The clearfog u-boot does not initialize the switch at all, so we need to
power up the phys ourselves.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Sat, 24 Sep 2016 09:52:02 +0000 (11:52 +0200)]
mvebu: replace ClearFog dts files with patches from upstream
Make the dts file match with what is upstream, to ensure it has the
latest changes and switching to newer kernels is easier.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Fri, 23 Sep 2016 12:32:21 +0000 (14:32 +0200)]
mvebu: enable PCA955x driver for clearfog to enable pcie and usb
Some of the PCIe and USB signals use a GPIO expander on I2C on ClearFog,
so enable the driver so that they can be configured to their required
values.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Fri, 23 Sep 2016 12:03:11 +0000 (14:03 +0200)]
uboot-mvebu: reset the
88E1512 PHY to make the wan port work
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Fri, 23 Sep 2016 11:53:27 +0000 (13:53 +0200)]
uboot-mvebu: make hidden and be m for clearfog to fix IB failing to add it
Uboot-mvebu isn't a real package, which will break the image builder
when it tries to install it during the packing step. Instead of cleafog
selecting it through its default packages, make it default to m if the
clearfog profile is selected.
This will ensure it is always build, but never added to the rootfs. This
fixes creating images for clearfog with IB.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Fri, 23 Sep 2016 11:45:21 +0000 (13:45 +0200)]
uboot-mvebu: also install into KDIR to ensure it packaged in IB
The clearfog image requires u-boot, so package it into KDIR to make sure
it is available in imageBuilder.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Jonas Gorski [Mon, 12 Sep 2016 10:59:21 +0000 (12:59 +0200)]
ptgen: work around gcc miscompilation
Some gcc versions seem to miscompile code using ternary operators,
work around this by just returning the result if exp is 0.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Matthias Schiffer [Sun, 25 Sep 2016 21:06:48 +0000 (23:06 +0200)]
ramips: move /lib/ramips.sh include in /etc/init.d/bootcount into start()
Enabling the init script offline will print an error otherwise.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Sun, 25 Sep 2016 20:44:36 +0000 (22:44 +0200)]
fstools: mark as nonshared and add missing PKG_CONFIG_DEPENDS
The fstools build depends on the CONFIG_NAND_SUPPORT flag, which is
target-specific.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Sun, 25 Sep 2016 07:30:55 +0000 (09:30 +0200)]
image: fix CONFIG_CLEAN_IPKG with CONFIG_TARGET_PER_DEVICE_ROOTFS
Running prepare_rootfs on TARGET_DIR deletes the opkg state when
CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install
fail.
To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run
and use this as basis for per-device rootfs generation.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Sat, 24 Sep 2016 21:37:54 +0000 (23:37 +0200)]
kernel: remove duplicate br-netfilter file and Kconfig symbol from kmod-ebtables
br_netfilter.ko and the corresponding Kconfig symbol are already provided
by kmod-br-netfilter, which is a dependency of kmod-ebtables.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Hauke Mehrtens [Sat, 24 Sep 2016 17:50:27 +0000 (19:50 +0200)]
openssl: backport build fix when hardware support is used
This fix added to the openssl 1.0.2 branch.
In addition add the header for the existing backport.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Neal Oakey [Sat, 24 Sep 2016 17:00:14 +0000 (19:00 +0200)]
ar71xx: add model detection for many Ubiquiti AirMax XM devices
Signed-off-by: Neal Oakey <neal.oakey@bingo-ev.de>
[Matthias Schiffer: minor adjustments]
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Sat, 24 Sep 2016 16:36:36 +0000 (18:36 +0200)]
image: per-device rootfs: don't fail without opkg
Ignore errors caused by /etc/opkg not existing (i.e. when opkg is not
selected).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Matthias Schiffer [Sat, 24 Sep 2016 16:25:25 +0000 (18:25 +0200)]
image: allow specifying additional packages for device-specific rootfs
Add a new option to each device in multi-profile mode, allowing to provide
a list of packages to add or remove. In case of added packages, the user
must take care that these are selected to be built.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Jo-Philipp Wich [Sat, 24 Sep 2016 12:30:24 +0000 (14:30 +0200)]
treewide: remove bad local shell variable declarations
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hauke Mehrtens [Sat, 24 Sep 2016 11:48:05 +0000 (13:48 +0200)]
curl: update to version 7.50.3
This fixes the following security problems:
7.50.1:
CVE-2016-5419 TLS session resumption client cert bypass
CVE-2016-5420 Re-using connections with wrong client cert
CVE-2016-5421 use of connection struct after free
7.50.2:
CVE-2016-7141 Incorrect reuse of client certificates
7.50.3:
CVE-2016-7167 curl escape and unescape integer overflows
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Magnus Kroken [Sat, 24 Sep 2016 09:36:49 +0000 (11:36 +0200)]
openssl: update to 1.0.2i
Drop 302-fix_no_cmac_build.patch, it has been applied upstream.
Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* 10 Low severity issues
Security advisory: https://www.openssl.org/news/secadv/
20160922.txt
Changelog: https://www.openssl.org/news/cl102.txt
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>